Two flaws were found in the way SeaMonkey processed certain regular expressions. A malicious web page could crash the browser or possibly execute arbitrary code as the user running SeaMonkey. (CVE-2006-4565, CVE-2006-4566)

A flaw was found in the handling of Javascript timed events. A malicious web page could crash the browser or possibly execute arbitrary code as the user running SeaMonkey. (CVE-2006-4253)

Daniel Bleichenbacher recently described an implementation error in RSA signature verification. For RSA keys with exponent 3 it is possible for an attacker to forge a signature that would be incorrectly verified by the NSS library. SeaMonkey as shipped trusts several root Certificate Authorities that use exponent 3. An attacker could have created a carefully crafted SSL certificate which would be incorrectly trusted when their site was visited by a victim. (CVE-2006-4340)

SeaMonkey did not properly prevent a frame in one domain from injecting content into a sub-frame that belongs to another domain, which facilitates website spoofing and other attacks. (CVE-2006-4568)

A flaw was found in SeaMonkey Messenger triggered when an HTML message contained a remote image pointing to an XBL script. An attacker could have created a carefully crafted message which would execute Javascript if certain actions were performed on the email by the recipient, even if Javascript was disabled. (CVE-2006-4570)

A number of flaws were found in SeaMonkey. A malicious web page could crash the browser or possibly execute arbitrary code as the user running SeaMonkey. (CVE-2006-4571)

Users of SeaMonkey or Mozilla are advised to upgrade to this update, which contains SeaMonkey version 1.0.5 that corrects these issues.

For users of Red Hat Enterprise Linux 2.1 this SeaMonkey update obsoletes Galeon. Galeon was a web browser based on the Mozilla Gecko layout engine.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.